Money and control drive hackers to break, enter and steal. Waves 1 and 2 are the current norm, with impact on most corporations and government agencies being information-based (fraud, economic competition, strategic positioning, hactivism). Wave 3 targets critical physical industries – networks, electrical grids, oil and gas, manufacturing plants. The impact is physical not just information. This is already in play right now, just not overt and it exists at a low level of activity. Wave 4 is around the corner: overt cyber attacks against these same critical industries at a higher level of incidence. Today we say a system was breached. Information was lost. We will need different words for the impact of Waves 3 and 4. What will this mean for our connected networks, for the protection of data and life-sustaining infrastructure systems? Is there a way to protect protection? And how are companies and governments going to protect against such attacks? What needs to be done now to begin setting the groundwork for such protections?